Different IPsec Peer Preshared Keys

JamesB
Just browsing

Different IPsec Peer Preshared Keys

I'm aware of the following site-to-site VPN limitation: "Note: Non-Meraki VPN peers are organization-wide, so peers will be configured for all such MX devices in an organization. If you want multiple MX's to connect to the same 3rd party VPN peer they will all have the same shared secret."

The security policy of the multi-site deployment I'm currently working on requires different preshared secrets for all branch sites, which is obviously a problem. Does anyone know if this is on a roadmap for future enhancement?

WANKiller
Head in the Cloud

Re: Different IPsec Peer Preshared Keys

I've run into this issue too. No communication regarding whether this is on the roadmap to be resolved. I also want the option to have a "NULL" encryption mechanism!

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
PhilipDAth
Kind of a big deal

Re: Different IPsec Peer Preshared Keys

It is often easier to get an extra MX and have it put into the terminating agency. They can plug the LAN side of the MX into their firewall and still retain control of the data flows. You can then use simple AutoVPN.

GreenMan
Meraki Employee

Re: Different IPsec Peer Preshared Keys

Only just saw this comment, looking for something else... You know null encryption is now supported for third party VPN tunnels? Under Security & SD-WAN > Site-to-site VPN > Organization-wide settings > Non-Meraki VPN peers. Then select IPsec policies > Phase 2 > NULL.
